Pervasive technologies and its implication on security

All of us are, to some extent, slaves to technology. Judicious use of technology is mandated. Human kind has, so far, been naïve in adopting technology with the presumption that it will always be used in the right spirit, but we have seen it being used in the wrong context over and over again. This article is about the implications of malicious use of pervasive technology.

Invasion of technology

Almost every aspect of our life is driven by technology. Consider a TV, for example. Most new TVs are IP enabled. You can undertake various activities based on the extent of IP integration with technology—with gadgets like Apple TV, you can live stream YouTube videos, access social media, and so on. There are even refrigerators with Internet access that facilitate videos and listening to audio. Technology invasion into the mobile phone, tablet and phablet world is ubiquitous. There have been reported cases of suicide due to the loss of a mobile phone. Our addiction to technology is high. Even central heating and cooling systems have programmable components in them.

It is difficult to categorise this invasion of technology into good or bad since technology has made many unthinkable ideas thinkable. There has been a profound effect from technology infiltrating our lifestyle, however, technologies are typically invented without thought of the hackers looking to take advantage of them. Let us consider some implications.

Implication of technology on security

Playing devil’s advocate, the implications outlined here might not happened commonly yet, but they can easily happen.

Road Signals – Did you know that traffic signals and traffic signboards have programmable parts? It is also worth noting that most of the passwords to access programmable parts are relatively simple. We won’t discuss the process of hacking them here, but just imagine the chaos that can result if traffic signals suddenly malfunctioned or were controlled by hacking, and then returned to normal. It could certainly cause accidents. The signboards that are installed to redirect traffic can also be used to misguide traffic if hacked.

If VIP traffic can be hampered by any of these types of attack, it could be catastrophic

TV – Consider a scenario where your TV channel designated as ABC24 is hacked to actually show FashionTV. If TV channels were hidden at a time when a natural calamity hits or terrorist attack happens, the viewer can be shielded from important safety information.

Electronic Equipment or Device Recycling – There is a lot of sensitive information residing on electronic devices like desktops, laptops and mobiles. The pace of change of technology makes it almost impossible to continue using a device after a couple of years. Soon, if not already, households will have a box of old of electronic devices with sensitive data, waiting to be recycled. You can simply delete the sensitive information on the device before recycling it to make it safe right? Wrong. A lot of sensitive data remains on these devices, the location of which is unknown to the user. The private keys for digital certificates are one example. Encrypted passwords are another. Even if you knew the location of all the sensitive information on your device and deleted it, you are still not safe. After a piece of data is deleted, it can be undeleted due to the properties of the silicon that stores it. You would need to run a secure delete function to ensure all data cannot be recovered, but even the most powerful secure delete algorithms are only partially successful at wiping data from the silicon.

Mobile Phone – The iPhone has been recently attacked successfully by a virus called WireLurker. Soon you may have viruses that change the phone number associated with the name, so while you might think you are calling a friend to discuss a secret, you might actually divulge this to someone else. Considering how heavily dependent we are on mobile phones, the potential for disastrous scenarios is great, to say the least.

Wearable gadgets – There are host of wearable gadgets already on the market. Your fitness gadget would normally monitor your heart rate, perhaps to prevent over-exercising or exceeding your maximum recommended heart rate. The consequence of an attack on this device, so that it displays an incorrect low heart rate may be disastrous. Consider the possible effects of hacking Google Glass as well.

Pacemakers – Pacemakers installed in the body of heart patients are also a vulnerable gadget. If the flow of electricity to the pacemaker is interfered with, it could be fatal. Similar kinds of attacks are possible on insulin pumps. Any technology used for medical purposes could be vulnerable

Stuxnet – Stuxnet, though well known, is the first known attack on the automation of electromechanical processes. This could be used to attack nuclear plants or other plants with disastrous effects. Following similar thinking, we may soon see attacks on Field Programmable Gate Arrays (FPGA) that are becoming the heart of most mathematically intensive computations within data centres.

Virtualised infrastructure – The heart of virtualised infrastructures like hypervisors have also been successfully attacked. Changes to a hypervisor can have a simultaneous effect on all virtual machines that reside on it so it can therefore affect multiple organisations that share the same hypervisor. Data centres can also be physically attacked.

There are many more exotic implications of technology use in today’s world. This list is by no means an exhaustive list.

Possible Trade-offs

It is beyond doubt that almost every aspect of our life can be compromised by a persistent and intelligent hacker. But what does that mean? Should we go back to the stone ages? Not really. If the vendors of technologies provide a method for doing sanity tests at regular intervals in addition to the preventive measures, then many problems will be detected before they cause harm, even if prevention is not possible. What does that mean? In the future, sanity testing and the ways to do sanity testing will gain importance far more than they have now.

Technology development in the future must be done in concert with appropriate security measures so that the technology’s pervasiveness does not cause harm. The security measures developed must be multi-fold so that failure on one front does not lead to compromise. Technology is so ingrained in our lives that it would be foolish for us to not have a multi-faceted approach to safety.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.